Lee Kelleher’s Weblog

Archive for the ‘php’ tag

My WordPress hacked by c99madshell script

After all the excitement of last Friday’s attempted hack on my travelblog, and the subsequent upgrade to WordPress 2.6 - I thought everything was under control.  Boy was I wrong!

A few hours ago I received a blog comment (from a Mr Andrew Wong) on the travelblog:

http://www.lee-and-lucy.com/travelblog/index.php?p=5817
check this out!!

I clicked the link, my jaw dropped!  It wasn’t an attempted hack, it was a very successful hack… I felt violated - in a digital sense.  The threat was far from over!

From looking through the WordPress management screens, I couldn’t find a blog post with the ID #5817.  I opened up phpMyAdmin to see if it was in the database; nope, nada, nothing!

I wanted to see the extent of the problem, so I googled “site:lee-and-lucy.com“, and found a “lot” of pages… oh yes, LOTS OF SPAM!

To say the least, I was furious!  I wanted to: a. resolve this ASAP; b. find out how this happened; c. cause pain to this would-be hacker!  Obviously, option c. goes against my good karma nature, but they digitally violated my site; sticking spam in places that spam should never go!!! Furious I tell you!

Digging through my WordPress files, I find a PHP script in my theme folder called “simple.php“; it contains a nested “eval(gzinflate(base64_decode()))” string.  Very suspect. I try to manually decrypt the string (replacing the eval with an echo), but it’s nested a few levels deep… so I found a snippet of code that would easily decode/decrypt it.
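
For incident responders looking at a file like this one, here is an added example (not the snippet referred to in the post) that peels the nested layers statically, so the suspect PHP is never executed. It assumes every layer has the literal form eval(gzinflate(base64_decode('...'))); the names peel, inflate_raw and wrap are hypothetical, and the sample payload is constructed and harmless.

```python
import base64
import re
import zlib

# Assumed layer shape: eval(gzinflate(base64_decode('<base64>'))); quotes ' or "
LAYER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)\s*\)",
    re.IGNORECASE)
MAX_LAYERS = 50                # stop on pathological nesting
MAX_OUTPUT = 8 * 1024 * 1024   # cap inflated size (decompression bombs)


def inflate_raw(blob):
    """PHP's gzinflate() reads raw DEFLATE (no zlib header): wbits=-15."""
    d = zlib.decompressobj(-15)
    out = d.decompress(blob, MAX_OUTPUT)
    if d.unconsumed_tail or not d.eof:
        raise ValueError("oversized or truncated DEFLATE stream")
    return out


def peel(source):
    """Return (layers_removed, innermost_source) without evaluating anything.
    Text surrounding each eval(...) wrapper is discarded as the layers peel."""
    layers = 0
    m = LAYER.search(source)
    while m and layers < MAX_LAYERS:
        try:
            raw = base64.b64decode(m.group(2))
            source = inflate_raw(raw).decode("latin-1")
        except (ValueError, zlib.error):
            break  # malformed layer: keep what we have for manual review
        layers += 1
        m = LAYER.search(source)
    return layers, source


def wrap(php, depth):
    """Build a constructed, harmless sample with `depth` nested layers."""
    for _ in range(depth):
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        blob = c.compress(php.encode("latin-1")) + c.flush()
        php = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(blob).decode()
    return php


if __name__ == "__main__":
    sample = "<?php " + wrap("echo 'constructed harmless payload';", 3) + " ?>"
    print(peel(sample))
```

The decoded output is text to read and compare against known web shells, not something to run; a layer that fails to decode is left untouched for manual review.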

The script turned out to be a modified version of c99madshell, specifically focused on WordPress hi-jacks.  The script tries to inject a small trojan code into one of the core WP files (for me it was the “wp-blog-header.php“).  I removed the hi-jacked code, along with the “simple.php” file (from my theme folder) - then re-upgraded to the latest WordPress (2.6) … just to overwrite any other tampered files.

Hopefully this should be the end of this matter (until next time) ….  I’ll be keeping a careful eye on my WordPress installations from now on.

Written by Lee Kelleher

July 22nd, 2008 at 12:35 am

WordPress: “post.php” is blank after publishing

Whilst I was helping out Bookninja earlier this week, I came across a strange problem in WordPress.

Every time we tried to publish a new blog post (or page), there would be a pause, then the page would go blank.
(This was on the “post.php” page)

I spent a long time trying to figure out what the issue was… even longer googling it!

Several pages into the Google results, I found the answer! Thank you Sean Deasy!
WordPress posting issue solved at last :)

It seems that Bookninja’s hijacker added a rogue URL to the notification/ping-list (http://www.newsisfree.com/RPCCloud); who knows why it was put there, but it was definitely the cause of the blank “post.php” issue!

After removing the rogue URL, everything was working fine again!

Written by Lee Kelleher

February 13th, 2008 at 7:31 pm

Posted in blog

Hello world!

Hello and welcome to my new weblog (generously hosted here on WordPress.com).

I’ve spent the last year (or so) trying to figure out how to best present myself online. My last attempt was over at leekelleher.com. I had some information about myself, a linklog and details of a WordPress plugin that I developed.

I found that the linklog became redundant, as it’s easier for me to use del.icio.us for my links/bookmarks.

The Category Cloud widget page is pretty much a mirror of the content hosted over at WordPress.org’s Plugins Directory.

Apart from the tidbits of information, my personal site is somewhat lacking… and definitely overkill to maintain a WordPress installation (with regular updates, patches and security releases - it was becoming too much of a chore!)

So my latest “plan” is to have all my “user-generated content” off-site; del.icio.us (combined with digg & Google Reader) for links, Flickr for photos, last.fm for music-profiling and (of course) WordPress for the content (blog posts/journals/articles).

I started to look at a PHP script called Personal Zeitgeist to pull everything together. It looks decent enough, so I’ll see how I get on with it.

Written by Lee Kelleher

January 22nd, 2008 at 12:36 am